Data Processing Agreement

This annex sets out the conditions under which ModuShop processes personal data on behalf of the Client in the context of the Service.

• The Client acts as the data controller.
• ModuShop acts as the data processor within the meaning of Regulation (EU) 2016/679 (GDPR).

The data that may be processed includes, but is not limited to:

• End customer data of the Client (name, email, address);
• Order data;
• Contact data;
• Support data.

The exact categories depend on the Client's use of the Service.

ModuShop processes data exclusively for the following purposes:

• Providing the SaaS Service;
• Ensuring hosting;
• Ensuring maintenance and security;
• Providing technical support.

No commercial use of data is made by ModuShop.

ModuShop processes data only on documented instructions from the Client.

ModuShop implements reasonable technical and organisational measures to protect data against:

• unauthorised access;
• loss;
• alteration;
• disclosure.

ModuShop may engage technical sub-processors (hosting provider, third-party services).

ModuShop ensures that they provide sufficient guarantees regarding data protection.

Data is hosted within the European Union.

Any potential transfer outside the EU would be governed by appropriate safeguards in accordance with the GDPR.

To the extent possible, ModuShop assists the Client in:

• responding to data subject rights requests;
• notifying a data breach.

At the end of the contract, a standard data export is made available to the Client.

Data may be deleted after a reasonable period following the end of the contract.